Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
Craft CMS RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
Facturascripts XSS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
New critical Arc53 Docsgpt RCE (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow remote authenticated users to execute arbitrary commands as root via...
phpMyFAQ is an open source FAQ web application.
GNU InetUtils Argument Injection
HAX CMS helps manage microsite universe with PHP or NodeJs backends.
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system.
FacturaScripts is open-source enterprise resource planning and accounting software.
LangChain is a framework for building agents and LLM-powered applications.
A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input...
GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS::InternalDecode.
Rejected reason: Not used
Craft CMS Code Injection
Nothing flagged in this category for this digest.
Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by...
Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated...
Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS setti...
DocsGPT is a GPT-powered chat for documentation.
Wazuh is a free and open source platform used for threat prevention, detection, and response.
TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDev...
Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints.
WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Rese...
Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting.